{"id":5617,"date":"2023-08-24T07:07:15","date_gmt":"2023-08-24T07:07:15","guid":{"rendered":"\/cybersecurity-blog\/?p=5617"},"modified":"2023-08-25T05:59:15","modified_gmt":"2023-08-25T05:59:15","slug":"xworm-technical-analysis-of-a-new-malware-version","status":"publish","type":"post","link":"https:\/\/any.run\/cybersecurity-blog\/xworm-technical-analysis-of-a-new-malware-version\/","title":{"rendered":"XWorm: Technical Analysis of a New Malware Version\u00a0"},"content":{"rendered":"\n

<\/p>\n\n\n\n

In this article, we will take a look at the latest version of an XWorm sample \u2014 a widespread malicious program that is advertised for sale on underground forums. <\/p>\n\n\n\n

We will analyze the functionality of our sample, as well as extract its configuration. <\/p>\n\n\n\n

Let\u2019s get started. <\/p>\n\n\n\n

What is XWorm Malware? <\/h2>\n\n\n\n

XWorm is a malware that targets Windows operating systems. It is known for its stealth and persistence, and a wide range of malicious activities, spanning from remote desktop control to ransomware and information theft.  <\/p>\n\n\n\n

Unfortunately, adversaries employ this threat widely \u2014it\u2019s not uncommon to see it in ANY.RUN<\/a>\u2019s top 10 most used malware by uploads. <\/p>\n\n\n\n

\n

TOP10 last week's threats by uploads ?
\u2b06\ufe0f #Redline<\/a> 219 (215)
\u2b06\ufe0f #Njrat<\/a> 144 (84)
\u2b06\ufe0f #Agenttesla<\/a> 112 (102)
\u2b06\ufe0f #Lumma<\/a> 84 (65)
\u2b06\ufe0f #Asyncrat<\/a> 84 (49)
\u2b06\ufe0f #Remcos<\/a> 82 (58)
\u2b06\ufe0f #Amadey<\/a> 80 (65)
\u2b07\ufe0f #Arkei<\/a> 54 (57)
\u2b07\ufe0f #Xworm<\/a> 43 (55)
\u2b07\ufe0f #Vidar<\/a> 33 (35)https:\/\/t.co\/sSi7yan9BV<\/a> pic.twitter.com\/0VNaiRojZh<\/a><\/p>— ANY.RUN (@anyrun_app) August 7, 2023<\/a><\/blockquote>